Morgan Stanley
Breach Description
Significant data security lapses at Morgan Stanley led to the exposure of customer personal information. The breach was primarily due to the company’s failure to properly decommission and erase unencrypted data from its computers and servers before they were auctioned off or went missing. This negligence compromised personal information, including data belonging to 1.1 million New Yorkers, and affected millions of customers nationwide.
The New York Attorney General, Letitia James, along with a coalition of attorneys general from Connecticut, Florida, Indiana, New Jersey, and Vermont, secured a $6.5 million settlement from Morgan Stanley for these failures. The settlement requires Morgan Stanley to implement stronger data security measures, including maintaining a comprehensive information security program, encrypting all personal information, and maintaining a vendor risk assessment team to ensure compliance with data security requirements[1][11][12].
This incident is part of a series of data breaches and security lapses at Morgan Stanley, including a previous $35 million fine by the SEC for failing to adequately protect the personal information of approximately 15 million customers[6]. The breaches involved missing equipment and the improper disposal of devices containing customer personal information, highlighting significant shortcomings in Morgan Stanley’s vendor controls and hardware inventory management[5][9][10][15].
Morgan Stanley’s data security incidents underscore the importance of robust data protection practices and the need for financial institutions to take their responsibility to safeguard customer information seriously. The settlement and the required improvements in Morgan Stanley’s data security practices aim to prevent future breaches and protect consumers’ personal information[1][11][12].
Citations:
[1] https://ag.ny.gov/press-release/2023/attorney-general-james-and-multistate-coalition-secure-65-million-morgan-stanley
[2] https://www.reuters.com/business/finance/morgan-stanley-says-some-personal-data-stolen-after-data-breach-2021-07-08/
[3] https://www.reuters.com/business/finance/morgan-stanley-hit-bankers-with-up-1-mln-penalties-messaging-breaches-ft-2023-01-26/
[4] https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
[5] https://www.thinkadvisor.com/2020/08/28/morgan-stanley-hit-with-data-breach-suit-tied-to-missing-equipment/
[6] https://www.huntonprivacyblog.com/2022/09/21/sec-fines-morgan-stanley-35-million-for-alleged-failure-to-protect-customer-data/
[7] https://www.reuters.com/business/finance/morgan-stanley-is-fined-by-us-regulator-municipal-securities-violations-2024-02-15/
[8] https://motiva.net/morgan-stanley-data-breach/
[9] https://resource-recycling.com/e-scrap/2022/10/12/morgan-stanley-pays-millions-more-in-wake-of-itad-mishaps/amp/
[10] https://www.securityweek.com/morgan-stanley-ordered-to-pay-6-5-million-for-exposing-customer-information/
[11] https://www.legaldive.com/news/morgan-stanley-fined-65m-client-data-breach-ny-ag/700229/
[12] https://brooklyneagle.com/articles/2023/11/21/attorney-general-secures-6-5-million-from-morgan-stanley/
[13] https://www.bloomberg.com/news/articles/2023-01-26/morgan-stanley-fines-bankers-over-messaging-breaches-ft-reports
[14] https://www.law.com/newyorklawjournal/2023/11/16/morgan-stanley-to-pay-six-states-6-5m-to-resolve-probe-of-data-security-breach/?slreturn=20240015070541
[15] https://www.cnn.com/2022/09/20/business/morgan-stanley-fine-customer-data/index.html
[16] https://www.cnbc.com/2023/11/16/morgan-stanley-fined-over-computers-with-personal-data.html
[17] https://www.courant.com/2023/11/16/banking-giant-pays-6-5m-for-data-breach-in-ct-200000-had-personal-information-exposed/